jolheiser/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

postfix: use hardening flags from stdenv

Browse Source
This commit is contained in:
Robin Gloster 2016-02-27 11:50:34 +00:00
parent 14177f5e0b
commit cfffac2a90
3 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pkgs/servers/mail/postfix/2.11.nix
View File

@ -36,9 +36,8 @@ stdenv.mkDerivation rec {
export sendmail_path=$out/bin/sendmail
make makefiles \
CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl \
-fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2' \
AUXLIBS='-ldb -lnsl -lresolv -lsasl2 -lcrypto -lssl -pie -Wl,-z,relro,-z,now'
CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl' \
AUXLIBS='-ldb -lnsl -lresolv -lsasl2 -lcrypto -lssl'
'';
installTargets = [ "non-interactive-package" ];

5
pkgs/servers/mail/postfix/3.0.nix
View File

@ -9,12 +9,11 @@ let
ccargs = lib.concatStringsSep " " ([
"-DUSE_TLS" "-DUSE_SASL_AUTH" "-DUSE_CYRUS_SASL" "-I${cyrus_sasl}/include/sasl"
"-DHAS_DB_BYPASS_MAKEDEFS_CHECK"
"-fPIE" "-fstack-protector-all" "--param" "ssp-buffer-size=4" "-O2" "-D_FORTIFY_SOURCE=2"
] ++ lib.optional withPgSQL "-DHAS_PGSQL"
++ lib.optionals withMySQL [ "-DHAS_MYSQL" "-I${libmysql}/include/mysql" ]
++ lib.optional withSQLite "-DHAS_SQLITE");
auxlibs = lib.concatStringsSep " " ([
"-ldb" "-lnsl" "-lresolv" "-lsasl2" "-lcrypto" "-lssl" "-pie" "-Wl,-z,relro,-z,now"
"-ldb" "-lnsl" "-lresolv" "-lsasl2" "-lcrypto" "-lssl"
] ++ lib.optional withPgSQL "-lpq"
++ lib.optional withMySQL "-lmysqlclient"
++ lib.optional withSQLite "-lsqlite3");
@ -37,6 +36,8 @@ in stdenv.mkDerivation rec {
patches = [ ./postfix-script-shell.patch ./postfix-3.0-no-warnings.patch ./post-install-script.patch ];
hardening_pie = true;
preBuild = ''
sed -e '/^PATH=/d' -i postfix-install
sed -e "s|@PACKAGE@|$out|" -i conf/post-install

3
pkgs/servers/mail/postfix/default.nix
View File

@ -15,6 +15,7 @@ stdenv.mkDerivation rec {
buildInputs = [db openssl cyrus_sasl bison perl];
hardening_format = false;
hardening_pie = true;
patches = [
./postfix-2.2.9-db.patch
@ -41,7 +42,7 @@ stdenv.mkDerivation rec {
export sample_directory=$out/share/postfix/doc/samples
export readme_directory=$out/share/postfix/doc
make makefiles CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl -fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2' AUXLIBS='-lssl -lcrypto -lsasl2 -ldb -lnsl -pie -Wl,-z,relro,-z,now'
make makefiles CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl' AUXLIBS='-lssl -lcrypto -lsasl2 -ldb -lnsl'
'';
installPhase = ''